Ask Slashdot: Protecting Home Computers From Guests?
An anonymous reader writes "We frequently have guests in our home who ask to use our computer for various reasons such as checking their email or showing us websites. We are happy to oblige, but the problem is many of these guests have high risk computing habits and have more than once infested one of our computers with malware, despite having antivirus and the usual computer security precautions. We have tried using a Linux boot CD but usually get funny looks or confused users. We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised. What tips do you have to overcome this problem, technologically or otherwise?"
I think they call it guest wifi and byod.
Have a dedicated Linux boot just for them, and if they give you funny looks tell them too bad.
Set up a VM in Virtual Box for them to use. Take a snapshot of when it was healthy and new and just revert to that each time someone wants to use it. Even paying for a Windows install for the VM would be cheaper than an iPad.
Something like VirtualBox or VMWare that supports snapshots. Install an OS into the virtual machine and set some firewall rules to keep it from accessing anything else on your network. When they ask to use your computer, launch the virtual machine and set it to full screen. They won't know the difference. When they're done, revert to snapshot.
Except that NoScript does not protect anyone from downloading "hi_I_saw_you_wanna_fuck.jpg.scr.pif.exe.bat.com"
Dear aunt, let's set so double the killer delete select all
Amen to that. That's what friends and the kid's friends get handed when they ask to "check their email and Facebook". It works.
-Guns kill people like spoons made Rosie O'Donnell fat-
And put it in its own separate guest network, which is logically isolated from your own stuff by a firewall, maybe run a print server too (people often want to print boarding passes)...
As for funny looks, a browser is a browser and i've never had any problems giving someone a linux livecd, it has both firefox and chrome and most people are perfectly familiar with these applications.
Why go to the trouble of a separate network?
The odds of even the most retarded of users inadvertently fucking anything beyond the one machine they're touching is absurdly low, unless you're running outdated shit on your network. Remote exploits are remote exploits, and you should protect each device regardless or whether or not you trust the rest of the network.
If someone is so fuck-up prone that you think your proper boxen could be fucked by some schlub lolcatting around on the same network, you should be more worried about them tripping in your house and suing you.
>> Printing boarding passes? How quaintly retro!
I think you'll find that the same guests who want to borrow your computer are also the same ones who won't be able to get boarding passes on their phone.
I consider myself to usually be on the bleeding edge of technology, but phone-based boarding passes are right out. I've never had a piece of paper run out of power, but I've had my phone die halfway through the travel day for reasons unknown (turned into a little toaster and burned through its battery - presumably the radio got in a weird state) and have had it stolen while traveling. I keep two boarding passes, typically - one folded in my pocket, and one in my carry-on. If I lose one, I just grab the other one.
And yes, most of the time when my guests want to borrow a machine, it's because they need a printer for boarding passes.